There is a vulnerability in KDE kjs JavaScript interpreter engine which can be exploited to cause a DoS or arbitrary code to be executed on a vulnerable system.

The JavaScript interpreter engine used by Konqueror and other parts of KDE contain a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI sequences. Vulnerable system can be compromised by malicious javascript code (e.g. on a malicious website) using affected JavaScript interpreter engine.

Details can be found at:http://secunia.com/advisories/18500/http://www.kde.org/info/security/advisory-20060119-1.txt

The multi.txt and ok.txt are the same perl script that will perform various tasks such as TCP/UDP/HTTP flood, port scan and will also use Google to search for vulnerable targets. This is very similar to what is seen on:

http://www.webhostingtalk.com/archive/thread/478039-1.html

It will also attempt to connect to an IRC server (shell.durresi.be) over port 34345. The interesting part of the domain durresi.be is:

* The domain is just registered on 20 Jan 06.* Some of the registration information is suspicious and fake. It is a .be domain but registered using a .it email address, a UK snail mail address and a fake US telephone number.

How interesting. If you are running mambo application, make sure it is running the latest version.

Thanks to Patrick Nolan, Marc Sachs and Swa Frantzen for the information.